Date: Sat, 1 Nov 2008 20:13:46 +0000 (UTC)
From: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To: Christer Edwards <christer.edwards@gmail.com>
Cc: freebsd-jail@freebsd.org
Subject: Re: dhcpd possible within jail?
Message-ID: <20081101200710.V41609@maildrop.int.zabbadoz.net>
In-Reply-To: <20081101155205.GD90953@parkman.zelut.org>
References: <20081101155205.GD90953@parkman.zelut.org>

On Sat, 1 Nov 2008, Christer Edwards wrote:

> I recently set up a few jails for internal network services (sshd, bind,
> dhcpd, etc.) The only issue I have so far is that dhcpd doesn't seem to
> work within the jail env. It appears to start properly, and the process
> shows in top, but no leases are ever given out.
[ ...]
> I have also allowed raw_sockets from the host (unless there is another
> way to accomplish this).
>
> If anyone can tell me what I'm missing, or if it's simply a jail
> limitation I'd appreciate it.

dhcpd imho needs bpf, so you would have to expose /dev/bpf* to that
jail and perhaps also /dev/net* things..

try adding something like this to your /etc/devfs.rules

[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
add path net unhide
add path 'net/*' unhide

the number is the first free that is not in your
/etc/defaults/devfs.rules and /etc/devfs.rules.

That done change the /etc/rc.conf line for that jail to

jail_FOOOOOO_devfs_ruleset="devfsrules_jail_dhcp"

with FOOOOOO being the right jail name of course and restart the jail.

Within the jail do a ls -l /dev/bpf* ; if there are no entries you'll
need to reapply the devfs rules from the base system
(sh /etc/rc.d/devfs start might do that). Try the ls again.

imho, you do not need to allow raw sockets.

HTH

/bz

-- 
Bjoern A. Zeeb              Stop bit received. Insert coin for new game.
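
Added example, not part of the original message or of FreeBSD's own scripts: POSIX sh helpers that find the first ruleset number unused across the rules files, as the reply asks, and list which rulesets unhide bpf devices so that exposure can be reviewed per jail. The function names and the sample rules files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample files are constructed.

# Print every number declared in a "[name=N]" header, sorted and unique.
used_ruleset_numbers() {
    for f in "$@"; do
        if [ -r "$f" ]; then
            sed -n 's/^\[[A-Za-z0-9_]*=\([0-9][0-9]*\)].*$/\1/p' "$f"
        fi
    done | sort -n -u
}

# Print the lowest positive ruleset number not used in any given file.
first_free_ruleset() {
    used_ruleset_numbers "$@" | awk '
        BEGIN { n = 1 }
        $1 == n { n++ }
        END { print n }'
}

# Print the names of rulesets that contain a rule unhiding bpf devices.
rulesets_exposing_bpf() {
    awk '
        /^\[/ { name = $0; sub(/^\[/, "", name); sub(/=.*/, "", name); next }
        /^[ \t]*add[ \t]+path[ \t]+.?bpf.*unhide/ { print name }
    ' "$@" | sort -u
}

# Constructed stand-ins for /etc/defaults/devfs.rules and /etc/devfs.rules.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/defaults.rules" <<'EOF'
[devfsrules_hide_all=1]
add hide
[devfsrules_unhide_basic=2]
add path null unhide
[devfsrules_unhide_login=3]
add path 'pts/*' unhide
[devfsrules_jail=4]
add include $devfsrules_hide_all
EOF
cat > "$demo_dir/local.rules" <<'EOF'
[devfsrules_jail_dhcp=5]
add include $devfsrules_hide_all
add path 'bpf*' unhide
add path 'net/*' unhide
EOF
echo "free number before adding local rules: $(first_free_ruleset "$demo_dir/defaults.rules")"
echo "rulesets exposing bpf: $(rulesets_exposing_bpf "$demo_dir"/*.rules)"
```

On a real host the arguments would be /etc/defaults/devfs.rules and /etc/devfs.rules; a jail whose ruleset appears in the second list can open bpf devices, so that list is worth keeping short.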